diff --git a/SOURCES/add_not_s390x_cpe_dictionary.diff b/SOURCES/add_not_s390x_cpe_dictionary.diff
index e3703c4..9361ab5 100644
--- a/SOURCES/add_not_s390x_cpe_dictionary.diff
+++ b/SOURCES/add_not_s390x_cpe_dictionary.diff
@@ -1,3 +1,16 @@
+diff --git a/rhel6/cpe/rhel6-cpe-dictionary.xml b/rhel6/cpe/rhel6-cpe-dictionary.xml
+index d0557cc..0984a4c 100644
+--- a/rhel6/cpe/rhel6-cpe-dictionary.xml
++++ b/rhel6/cpe/rhel6-cpe-dictionary.xml
+@@ -100,4 +100,8 @@
+
Package net-snmp is installed
+ installed_env_has_net-snmp_package
+
++
++ System architecture is not S390X
++ proc_sys_kernel_osrelease_arch_not_s390x
++
+
diff --git a/rhel7/cpe/rhel7-cpe-dictionary.xml b/rhel7/cpe/rhel7-cpe-dictionary.xml
index 50f8006c9..2a3915364 100644
--- a/rhel7/cpe/rhel7-cpe-dictionary.xml
diff --git a/SOURCES/scap-security-guide-0.1.54-fix_jinja_expansion-PR_6511.patch b/SOURCES/scap-security-guide-0.1.54-fix_jinja_expansion-PR_6511.patch
new file mode 100644
index 0000000..42ee9dd
--- /dev/null
+++ b/SOURCES/scap-security-guide-0.1.54-fix_jinja_expansion-PR_6511.patch
@@ -0,0 +1,22 @@
+From 25db8e99d7b5ab89098da284d5cd3b7fa74f2018 Mon Sep 17 00:00:00 2001
+From: Gabriel Becker
+Date: Wed, 6 Jan 2021 16:18:47 +0100
+Subject: [PATCH] Fix jinja expansion on installed_OS_is_vendor_supported.
+
+---
+ .../certified-vendor/installed_OS_is_vendor_supported/rule.yml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml
+index 443c733188..7a51788e11 100644
+--- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml
++++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml
+@@ -9,7 +9,7 @@ description: |-
+ {{% if product in ["ol7", "ol8"] %}}
+ Oracle Linux is supported by Oracle Corporation. As the Oracle
+ Linux vendor, Oracle Corporation is responsible for providing security patches.
+-{{% elif product == "sle12", "sle15" %}}
++{{% elif product in ["sle12", "sle15"] %}}
+ SUSE Linux Enterprise is supported by SUSE. As the SUSE Linux Enterprise
+ vendor, SUSE is responsible for providing security patches.
+ {{% else %}}
diff --git a/SOURCES/scap-security-guide-0.1.54-srg_ssh_client_rekey-PR_6409.patch b/SOURCES/scap-security-guide-0.1.54-srg_ssh_client_rekey-PR_6409.patch
new file mode 100644
index 0000000..293a74d
--- /dev/null
+++ b/SOURCES/scap-security-guide-0.1.54-srg_ssh_client_rekey-PR_6409.patch
@@ -0,0 +1,21 @@
+From 3fcd002082b8af57cba5dc56b1403abda6957aa3 Mon Sep 17 00:00:00 2001
+From: Milan Lysonek
+Date: Mon, 23 Nov 2020 14:08:12 +0100
+Subject: [PATCH] Add SRG to ssh_client_rekey_limit
+
+---
+ .../software/integrity/crypto/ssh_client_rekey_limit/rule.yml | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/linux_os/guide/system/software/integrity/crypto/ssh_client_rekey_limit/rule.yml b/linux_os/guide/system/software/integrity/crypto/ssh_client_rekey_limit/rule.yml
+index 735a68b264..1ff99481d2 100644
+--- a/linux_os/guide/system/software/integrity/crypto/ssh_client_rekey_limit/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/ssh_client_rekey_limit/rule.yml
+@@ -30,6 +30,7 @@ identifiers:
+
+ references:
+ ospp: FCS_SSHS_EXT.1
++ srg: SRG-OS-000423-GPOS-00187
+
+ ocil_clause: 'it is commented out or is not set'
+
diff --git a/SOURCES/scap-security-guide-0.1.54-use_pam_wheel_srg-PR_6356.patch b/SOURCES/scap-security-guide-0.1.54-use_pam_wheel_srg-PR_6356.patch
new file mode 100644
index 0000000..98dafc0
--- /dev/null
+++ b/SOURCES/scap-security-guide-0.1.54-use_pam_wheel_srg-PR_6356.patch
@@ -0,0 +1,21 @@
+From ec2854ef669615dcee91ec8532b04f27553de4ea Mon Sep 17 00:00:00 2001
+From: Milan Lysonek
+Date: Tue, 10 Nov 2020 09:47:06 +0100
+Subject: [PATCH] Add SRG references for use_pam_wheel_for_su rule
+
+---
+ .../root_logins/use_pam_wheel_for_su/rule.yml | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml
+index 260cbd3344..4cd0aaa842 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml
+@@ -22,6 +22,7 @@ identifiers:
+
+ references:
+ ospp: FMT_SMF_EXT.1.1
++ srg: 'SRG-OS-000373-GPOS-00156,SRG-OS-000312-GPOS-00123'
+
+ ocil_clause: 'the line is not in the file or it is commented'
+
diff --git a/SPECS/scap-security-guide.spec b/SPECS/scap-security-guide.spec
index be83448..22d8674 100644
--- a/SPECS/scap-security-guide.spec
+++ b/SPECS/scap-security-guide.spec
@@ -1,6 +1,6 @@
Name: scap-security-guide
Version: 0.1.53
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: Security guidance and baselines in SCAP formats
Group: Applications/System
License: BSD
@@ -20,6 +20,9 @@ Patch8: scap-security-guide-0.1.54-use_osrelease_check_system_arch-PR_6458.patc
Patch9: scap-security-guide-0.1.54-set_package_not_s390x_arch_to_none-PR_6462.patch
# Patch 10 adds platform not_s390_arch to the CPE dictionary manually
Patch10: add_not_s390x_cpe_dictionary.diff
+Patch11: scap-security-guide-0.1.54-fix_jinja_expansion-PR_6511.patch
+Patch12: scap-security-guide-0.1.54-use_pam_wheel_srg-PR_6356.patch
+Patch13: scap-security-guide-0.1.54-srg_ssh_client_rekey-PR_6409.patch
BuildArch: noarch
@@ -65,6 +68,9 @@ present in %{name} package.
%patch8 -p1
%patch9 -p1
%patch10 -p1
+%patch11 -p1
+%patch12 -p1
+%patch13 -p1
mkdir build
%build
@@ -99,6 +105,11 @@ cd build
%doc %{_docdir}/%{name}/tables/*.html
%changelog
+* Fri Jan 08 2021 Gabriel Becker - 0.1.53-4
+- Fix description of rule installed_OS_is_vendor_supported (RHBZ#1914193)
+- Fix RHEL6 CPE dictionary (RHBZ#1899059)
+- Fix SRG mapping references for ssh_client_rekey_limit and use_pam_wheel_for_su (RHBZ#1914853)
+
* Tue Dec 15 2020 Gabriel Becker - 0.1.53-3
- Enforce pam_wheel for "su" in the OSPP profile (RHBZ#1884062)
- Fix case insensitive checking in rsyslog_remote_tls (RHBZ#1899032)